Jump to content

KS security breach


Recommended Posts

Kickstarter posted a notice about a recent security breach

 


Important Kickstarter Security Notice

Yancey Strickler ·

February 15 2014 ·

 

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

 

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

 

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

 

As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.

 

To change your password, log in to your Kickstarter account and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.

 

We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

 

Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at [email protected].

 

Thank you,

Yancey Strickler
Kickstarter CEO

  • Like 2
Link to post
Share on other sites
  • Replies 37
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Thanks for sharing, briggart.  I just saw the notice as a backer of the Phoenix Project/City of Titans.  I'm a little disappointed that Kickstarter didn't send an email about it (maybe I just haven't received it yet, but whatever).

 

I use LastPass (password manager), and definitely recommend it if anyone is interested.  It has a built-in random password generator which is helpful for creating strong passwords.

Link to post
Share on other sites

Thanks for sharing, briggart.  I just saw the notice as a backer of the Phoenix Project/City of Titans.  I'm a little disappointed that Kickstarter didn't send an email about it (maybe I just haven't received it yet, but whatever).

 

I use LastPass (password manager), and definitely recommend it if anyone is interested.  It has a built-in random password generator which is helpful for creating strong passwords.

 

Check your spam folder. It looks like its going out to everyone.

Link to post
Share on other sites

 

Thanks for sharing, briggart.  I just saw the notice as a backer of the Phoenix Project/City of Titans.  I'm a little disappointed that Kickstarter didn't send an email about it (maybe I just haven't received it yet, but whatever).

 

I use LastPass (password manager), and definitely recommend it if anyone is interested.  It has a built-in random password generator which is helpful for creating strong passwords.

I got the KS notice on an older email account that's different from the one I'm currently using for KS (and where I usually get all the other KS notices). I think that was the account I originally registered with KS, but still... weird.

Link to post
Share on other sites

I got the notice, I'm very concerned about Identity theft with the information that has been taken.

 

Since payments go though Amazon not too much of a risk. If you used the same password across other sites it wouldn't be a bad idea to change it on them. The email address with its corresponding password (maybe) seems to be the only thing the got that isn't already readily found in a phone book. So as long as you make sure you aren't using the same email/password combination on other sites you should be fine.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...